Comment: WordPress Plugin Bug Exposes 200K+ Sites

A high-severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu. According to the active installations count on its WordPress library entry, the open-source Code Snippets plugin is currently used by more than 200,000 websites. […]

Experts On Ledger Warns Over New YouTube Phishing Streams

Hardware wallet creator Ledger has warned clients to be vigilant about YouTube accounts set up as phishing scams. According to a tweet published Jan. 27, Ledger claimed to be facing phishing attacks by way of hacked YouTube accounts. The company reiterated that it is not affiliated with the series of video streams and […]

Experts Analysis Of Wawa Breach Potentially Compromised 30 Million+ Payment Cards

In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold […]

Cyber Breach Causes Shares To Fall For Medical Manufacturing Firm Tissue Regenix

It has been reported that medical products maker Tissue Regenix Group said yesterday that its computer systems and a third-party IT service provider in the United States were accessed without authorization, sending its shares down as much as 22%. The company said it had taken the affected systems offline, appointed external specialists to investigate the incident and was […]

Experts On Snake Ransomware

Following the news that a new piece of file-encrypting ransomware, which some are linking to Iran, has been targeting processes and files associated with industrial control systems (ICS), please see below for a comment from experts. 2020-02-20: ‘#Snake’ #Ransomware Linked to Iran, Targets Industrial Controls. Fact Check/Clarification to this story: 🤔💬 Hmm we found bapco@email when we discovered #Snake/#Ekans via […]

United Nations Hacked – Security Expert Comments

An internal confidential document from the UN was leaked, saying that 42 servers were “compromised” and another 25 were deemed “suspicious,” nearly all at its offices in Geneva and Vienna. Three of the compromised servers belonged to the Office of the High Commissioner for Human Rights, and two were used by the U.N. Economic Commission […]

Amazon Ring Under Attack – Privacy Advocate Comments

The Ring doorbell app for Android sends personally identifiable information of customers to third parties without “meaningful” user knowledge or consent, according to new research by the Electronic Frontier Forum (EFF). Ring user names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data are all sent to four analytics and marketing companies – […]

Security Expert Re: Major Facebook Data Partner LiveRamp Hacked To Launch Scams

CNET reported late today that a major Facebook data partner was hacked to gain access to advertising accounts and operate credit card scams. In October, hackers commandeered the personal account of a LiveRamp employee and used it to gain access to the company’s Business Manager account, allowing them to run ads using other people’s money. https://twitter.com/alfredwkng/status/1222628011008319491